$46m flew into Manila casinos

More than half of the $81 million Bangladesh Bank's money, which ended up in the Philippines through hacking, went to local casinos in the Southeast Asian country and was used to bet at the tables and buy chips.

“For 20 days, the funds were just there, being used for betting. Everything seemed normal. There was nothing out of the ordinary,” said a senior official of the state-run Philippine Amusement Gaming Corporation (Pagcor).

Pagcor is in charge of regulating gaming activities in the Philippines and is investigating the February 4 hacking of Bangladesh's central bank system.

“It was only when the Inquirer story came out that authorities acted on this,” he told The Inquirer yesterday, while talking about the probe's primary findings. 

One of the largest bank thefts in history, the case became public last week, about a month after the funds were stolen from the BB's account with the Federal Reserve Bank of New York.

On February 8, three days after the hacking took place, the BB requested the Rizal Commercial Banking Corporation (RCBC), whose four clients received the funds, to stop payment and refund the money, and if it had been transferred, to “freeze or put the funds on hold,” noting that the payment order was fraudulent.

 However, this was a weekly holiday in the Philippines.

The following day, the RCBC of the Philippines received a SWIFT message from the BB requesting to stop payment and freeze the accounts for proper investigation. SWIFT stands for the Society for Worldwide Interbank Financial Telecommunication whose messaging system is commonly used by banks for international transactions.

However, withdrawals from the accounts totaling $58.15 million had already been processed by the Jupiter Street branch of the RCBC.

BB Governor Atiur Rahman sought the assistance of his Filipino counterpart on February 16 and convinced the Filipino embassy in Dhaka to fast track the legal process to file cases with the Anti-Money Laundering Council (AMLC) of the Philippines in order to retrieve the money.

But it was not until March 1 that the funds were ordered frozen by the Court of Appeals acting on a request by the AMLC.

Before the freeze order, the funds were being used for betting at the casino tables, the Pagcor official said.

The Inquirer quoted the Pagcor probe saying $46 million of the $81 million found its way into the local casino industry, with the rest presumably being sent overseas.

The official of Pagcor said the funds were split into a $26-million tranche that was channeled into the account of Solaire Resort and Casino and a $20-million tranche that was directed to the accounts of Easter Hawaii Casino and Resort at the Cagayan Economic Zone Authority in Santa Ana, Cagayan province.

The two tranches entered the Filipino financial system between February 5 and 9.

The Pagcor official said the gaming clients to whose accounts the funds were credited had started playing at the gaming tables even ahead of the arrival of the remittance, using a credit line provided by the casinos as a standard practice for high-rollers.

“Some of the funds were used to cover losses incurred by the players,” he said.

Meanwhile, US-based FireEye Inc's Mandiant forensics division is helping to investigate the cyber heist.

FireEye, which has investigated some of the biggest cyber thefts on record, was brought in by World Informatix, the firm that is advising the BB on the investigation.

Reuters news agency quoted sources saying that the US government had offered help to probe the heist.

The sources said that officials with the Federal Bureau of Investigation (FBI) and US Department of Justice had held informal conversations with the BB about the case.

Any investigation by US authorities is likely to focus on learning how cyber criminals penetrated the central bank's network, the flow of the looted funds around the world and whether any money can be recovered.

The hackers breached the BB's systems and stole its credentials for payment transfers by installing a malware in the BB system in January. The attackers then bombarded the New York Fed with nearly three dozen money-transfer requests over a weekend in early February.

The Fed processed four of the requests, sending a total of $81 million to accounts in the Philippines. A fifth transfer of $20 million, to a non-profit in Sri Lanka, was stopped after  a typo in the routing instructions raised suspicions, according to bank sources.

The BB has said it has recovered the stolen money that ended up in Sri Lanka, and is working with anti-money laundering authorities in the Philippines to try to recover the rest.